Authentication flow and membership models


Posted on 30 Sep 2009 by michal frackowiak
The design describes an improvement to authentication flow and membership policies.

Login and registration

Many people find it confusing to leave the current site (e.g. foo.wikidot.com) and create an account or log in at www.wikidot.com, which has a separate layout and design and no references to the original site. Login and registration are at www.wikidot.com for security reasons.

With the new design, logging in and creating accounts happen without leaving the original site. Assume an anonymous user is at site foo.wikidot.com. The options are:

Log in

A pop-up window appears above the current page, without leaving it. The dialog asks for username/email and password. When these are entered correctly, the pop-up disappears and the current page refreshes to reflect the new state (logged in).

Login pop-up also gives an option to create a new account or recover a forgotten password.

Browsers should remember login credentials much better.


Create an account

A pop-up window appears above the current page, with the form collecting all required data for a new account. After successful validation of the entered data, the dialog says "Check your mailbox" and suggests that you close the dialog.

The confirmation email contains a link that the user needs to click. The email also references the current site and mentions that it is hosted on Wikidot. After clicking the link, the user is taken through a series of necessary (automatic) redirects and back to the current page.

The dialog also offers the option to log in.


The new flow integrates much better with sites and should be more consistent for users, does not interrupt the users by taking them to a separate website, and should allow more branding options for the authentication process in the future.
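The confirmation link described above ends with a redirect back to the page the user started on, so the server has to decide whether that return target is acceptable. The check below is an added example, not Wikidot's own code; it assumes that every site is a subdomain of wikidot.com and that the originating host was stored server-side at sign-up. The function name, fallback URL and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the original post): every site is a subdomain of
# wikidot.com, and the server stored the originating host at sign-up time.
SITE_HOST = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+wikidot\.com")
FALLBACK = "https://www.wikidot.com/"


def safe_return_url(candidate, origin_host, fallback=FALLBACK):
    """Return candidate if it is a page on the site where sign-up began."""
    # Whitespace, control characters and backslashes are parsed differently
    # by browsers and servers, so refuse them before parsing.
    if not candidate or any(ord(c) <= 0x20 or c in "\\\x7f" for c in candidate):
        return fallback
    try:
        parts = urlsplit(candidate)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return fallback
    # Only absolute web URLs: no javascript:, data:, or scheme-relative //host.
    if parts.scheme not in ("http", "https"):
        return fallback
    # user:pass@host hides the real host behind a trusted-looking prefix.
    if parts.username is not None or parts.password is not None:
        return fallback
    host = parts.hostname or ""
    # Must be a Wikidot-hosted site AND the same site the user started on.
    if not SITE_HOST.fullmatch(host) or host != origin_host.lower():
        return fallback
    return candidate


if __name__ == "__main__":
    # Constructed sample targets; only the first one is accepted.
    for url in ("https://foo.wikidot.com/start",
                "https://foo.wikidot.com.evil.example/",
                "https://foo.wikidot.com@evil.example/",
                "https://bar.wikidot.com/"):
        print(url, "->", safe_return_url(url, "foo.wikidot.com"))
```

Rejected targets fall back to the main site rather than raising an error, so a tampered link still lands the user somewhere safe.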

Membership model

We propose 3 membership policies for sites (instead of current 2):

Open

Everyone can join a site (become a member), without passwords or applying. The site is visible to all users.

If a site is "open", users who click "create account" while on the site automatically become members.

Closed

Replaces the current "public" model. The site is visible to all users, but not everyone can become a member. Membership still happens by invitation, request, or password.

Private

The current private model is unchanged. The site is visible only to its members.


Admins can choose the model:

  • when creating a new site
  • when cloning a site
  • in the Site Manager, anytime